Wednesday, February 3, 2016

IKEv1 aggresive mode

I know that IKEv2 is getting popular but still IKEv1 has a huge presence in production networks. There are many reasons but I’m not going to focus on them. I would rather focus on one issue I see from time to time: ikev1 and an aggressive mode. Just to remind you, there are two modes of ikev1: aggressive and main. The first one is much faster, only three messages are exchanged, but it isn’t secure as the main mode (with six messages). The main problem with the aggressive mode is the first two messages contain data which may help to perform attack on your VPN.

The flag ‘-P’ is valid only with the aggressive
mode as the main mode doesn’t reply with hash in 2nd message. You can also save the hash directly to the file
(‘-Pfilename.txt), what is useful when you run a script:

As we can see the file contain
the hash:

Then we can use another tool (psk-crack) to
decode the hash. It took just 10 minutes to find the pre-share-key: